diff --git a/internal/admin/permissions.go b/internal/admin/permissions.go
new file mode 100644
index 0000000..736a665
--- /dev/null
+++ b/internal/admin/permissions.go
@@ -0,0 +1,39 @@
+package admin
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"gitea.local/admin/hspguard/internal/repository"
+	"gitea.local/admin/hspguard/internal/util"
+	"gitea.local/admin/hspguard/internal/web"
+	"github.com/google/uuid"
+)
+
+func (h *AdminHandler) GetPermissions(w http.ResponseWriter, r *http.Request) {
+	userId, ok := util.GetRequestUserId(r.Context())
+	if !ok {
+		web.Error(w, "failed to get user id from auth session", http.StatusInternalServerError)
+		return
+	}
+
+	permissions, err := h.repo.GetUserPermissions(r.Context(), uuid.MustParse(userId))
+	if err != nil {
+		log.Println("ERR: Failed to list permissions from db:", err)
+		web.Error(w, "failed to get user permissions", http.StatusInternalServerError)
+		return
+	}
+
+	if len(permissions) == 0 {
+		permissions = make([]repository.Permission, 0)
+	}
+
+	encoder := json.NewEncoder(w)
+
+	w.Header().Set("Content-Type", "application/json")
+
+	if err := encoder.Encode(permissions); err != nil {
+		web.Error(w, "failed to encode response", http.StatusInternalServerError)
+	}
+}
diff --git a/internal/admin/routes.go b/internal/admin/routes.go
index bb679ff..6e3608f 100644
--- a/internal/admin/routes.go
+++ b/internal/admin/routes.go
@@ -41,6 +41,8 @@ func (h *AdminHandler) RegisterRoutes(router chi.Router) {
 
 		r.Get("/service-sessions", h.GetServiceSessions)
 		r.Patch("/service-sessions/revoke/{id}", h.RevokeUserSession)
+
+		r.Get("/permissions", h.GetPermissions)
 	})
 
 	router.Get("/api-services/client/{client_id}", h.GetApiServiceCID)